Insight

The COVID-19 pandemic is likely to go down in history as one of the defining moments of our lifetime. From a business perspective, it transformed business models, changed customer expectations, and disrupted the networks that run businesses. These changes are long lasting and accelerated the digital transformation journey, a journey that is now driven by cybersecurity impacts and needs.   It’s no secret that the shift to remote working at the start of the pandemic...

With work still to be done to boost diversity and inclusion in cyber security, KPMG UK’s Katie Diacon unpacks where some of the challenges exist, and what could make a difference. Cyber security is one of the most innovative and dynamic sectors to work in, and it is increasingly vital to the operational resilience of organisations. Katie Diacon, Director, TMT Cyber Security, KPMG in the UK, says success in the sector requires “a great combination...

Most careers might take an unexpected turn from time to time but very few people see the path of their entire professional existence re-wired, without warning, in a single morning.   One who did is Tracy Reinhold, now the chief security officer at critical event management company Everbridge, which has been described as the most successful security company nobody has heard of.   The morning was September 11, 2001, probably the first time in world history when a billion human beings alive at the time will be able to say without hesitation what they were doing on a single day. Most of us remember very little but this was an unwanted reminder that there are a few things about...

What keeps OT security specialists up at night? It’s mostly problems from the IT world, says Andy Norton, European Cyber Risk Officer at Armis.   Operational technology (OT) used to be the specialist networks nobody in IT bothered with, or perhaps thought they didn’t need to. For a while, that seemed reasonable; OT networks were usually isolated from IT operations, sat behind air gaps, and ran on obscure operating systems.   Then organisations across every...

Many organisations are working to modernise their existing applications and integrate secure apps across their environments to keep pace with business demands.  Modern application development relies on Application Programming Interfaces (APIs), which enable services and products to communicate with each other and leverage each other’s data and functionality to support business operations.  APIs are business critical – the most popular web applications and innovative services run on APIs.  While APIs help businesses accomplish many strategic...

The pre-COVID-19 CISO. The global COVID-19 pandemic has been a tumultuous time for Chief information security officers (CISOs) who on any given day have a long and complicated list of responsibilities. CISOs are no strangers to disruption and challenges, but during the pandemic they have faced many disruptions it has caused and created a wealth of new challenges. Securing a rapid transition to a remote workforce. COVID-19 accelerated the shift to remote working globally and,...

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak.  The NSO Group has always maintained that the purpose of the Pegasus Project was for governments to monitor terrorist activity. However, this recent story, if true, could suggest that the solution has been...

Being struck by ransomware has been compared to having a heart attack. It’s something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes - and sometimes hours - organisations are on their own. It’s a moment of unexpected trauma which many organisations find paralysing, something attackers plan for. This makes the attack’s effects even worse. Eventually a growing number call...

In the famous words of David Byrne, there is no time for “dancing, or lovey dovey” when it comes to security. In a world where technology is constantly evolving, it is important to always stay on top of protecting confidential and sensitive information. The standard go-to for security within organisations is the account-based approach; however, this exposes the issue with specialised IT resources being so heavily involved in identity and account administration. The way accounts...

Vulnerabilities in enterprise IT are everywhere. While it’s clear that they need to be addressed, how to do so isn’t as clear. The sheer number of vulnerable software versions in an enterprise environment can be overwhelming, making it challenging to address them. The process requires time: to identify the need for an update, to create and test a successful update package, and then to deploy that throughout the environment. As a result, it isn't realistic...